Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0986 Red Hat OpenShift Do openshift/odo-init-image 1.1.3 security update 23 March 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat OpenShift Do Publisher: Red Hat Operating System: Red Hat Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Existing Account Overwrite Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-12403 CVE-2020-12402 CVE-2020-12401 CVE-2020-12400 CVE-2020-12243 CVE-2020-8177 CVE-2020-7595 CVE-2020-6829 CVE-2020-1971 CVE-2019-20907 CVE-2019-20388 CVE-2019-19956 CVE-2019-17498 CVE-2019-17023 CVE-2019-17006 CVE-2019-15903 CVE-2019-14866 CVE-2019-12749 CVE-2019-11756 CVE-2019-11727 CVE-2019-11719 CVE-2019-5188 CVE-2019-5094 CVE-2018-20843 Reference: ESB-2021.0864 ESB-2021.0845 ESB-2021.0691 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0949 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat OpenShift Do openshift/odo-init-image 1.1.3 security update Advisory ID: RHSA-2021:0949-01 Product: OpenShift Do Advisory URL: https://access.redhat.com/errata/RHSA-2021:0949 Issue date: 2021-03-22 Keywords: odo, developer, cli, iterative development, containers, openshift, kubernetes CVE Names: CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-1971 CVE-2020-6829 CVE-2020-7595 CVE-2020-8177 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 ===================================================================== 1. Summary: Updated openshift/odo-init-image container image is now available for Red Hat Openshift Do 1.0. 2. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. 4. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#low https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFhtvtzjgjWX9erEAQhdHg/7BWivBhQJI+Bs6OfgypsaRpNVq0hp0rXN DndSw2nut3kk4wvH3pi6sSClKT1exuoKVeQ/6sSnxMgvUgz1nCkHYBY5MuC1bu3X /I/Ct0RM1aLRE7f/2P2q9sZXKuZO2gKcl6QwW/5k5mJGY0Pj1h+c4EAipA5srbp+ A0KrVFlv95jpqydmyQj2LbxcKguJEcyU/+safTL3BXAT196BwHel35ZJPjnGkb+K vT9Rr67jmCE474C5MFVDsGrWejqtBqwS38AU4hBlPLEX7wUCYBBzCqxU4TuBLds/ dpGb8OmVFkeARsClPd9+a6g4lCQmwnarndjRT9r2GCaxpn2oGrqGXMOcJglx6CNY qzoAKQCkz22W037vbmBTMFh5VVELNjhO0Zh0gmL8Dy9gmwRK7oSCIiSfO9944Bwf YHxnP63IUnznB7ZpeyrSzVhRhZ/PbOoFXJ+gG0vg/T5M024yuNiK2Z3ghPvhcT26 +bXBFWHK+KAHAnoZJajXqsdUGPlSB8PAfwt4bkjReDfG7VNFctOlmjjNkyVkVBG5 ToO3KjH+oU2k5/ww5EbVR74yP1lAEAnafmOa6XfF7UFuCi91maxrLmgmaUjz/ibi UKbkmtcWNgFhJ3GB4Tp7tohxZZk6Nyu/x9VXg+kPyTc/bISe2GgA3ER82ZE5BxDw fGiplxCJYtQ= =VXNN - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYFkrSeNLKJtyKPYoAQhO/xAAjhtBUoCxT2t/AUw7OA6wriEzL4CJq+UH wkEO6k1l3ghXCUpcOuG607Glfety56Lk7WSpmUQAEUYTE3Yp4m0GgvQyNuu70xAz 3hDQIJ+9VV3UMbm3CsBmY8agF09fSCbIB1CGoCxXGO5QzH4vwLuO2FmBEK/WPhhw hqkqr3c4aywEeo/TDaj2COU93TqF7SAjeymheYoYcdpsW4gPZEB0uWC8s2oekB2h FLS1nSvaZb/vzx4zw6Fplxou8mqHPoTfMfzIdDAhsvm6887FXE/4VuR4QDFObGk3 fu+evyb+hty8h4xbzx6ielan8xGaIr4iGhLlD/mQRwubcrBnd1vJt13DKCJ1UdXs BE46Lh2w7QAhEj5ekVxN0Fa8Myfz2T0MDo7yWa8ZfK3O1FtreHNvX5HT7k8YgtkK 84oiJHJbSwHk+KD07MAooJz2IR13NZ2QcmGDrQnKXEHlv5MMRaTdm8sgtDkmHc6H FBgQC5yv0VHpbgIp9nq3eWNNAYwlRZTeO7tiT+6uVZMOzV31cNhx1ivA/UBmmvMf VCv+NOHKBeu2DnUZdCmTPfa6JjPi+Kdp5DIc4/qrsmUvFI/BRfxpAfRVAuLGqEk0 xUL/eZ97rQ+i5RG8fgs1b7lxi+8v4F+yhDO5nxZ4u5JN2q0Hj9cuJH83RPFtPg+p IVigiWQDw3c= =Ix3i -----END PGP SIGNATURE-----